The Federal Trade Commission (“FTC”) released its 2019 Privacy and Data Security Update, highlighting its enforcement actions in 2019 directed to the protection of consumer privacy and data security.
In the roundup of 2019 Privacy Cases, the Update highlights the FTC’s and the Department of Justice’s record $5 billion penalty imposed on Facebook—the largest ever imposed on any company for violating consumer’s privacy– concerning allegations that Facebook violated the FTC’s 2012 order against the company. Other notable privacy cases include the enforcement action against data analytics company Cambridge Analytica and its former CEO, Alexander Nix, and app developer, Aleksandr Kogan, alleging that the defendants used false and deceptive tactics to harvest personal information from millions of Facebook users for voter profiling and targeting, as well as the FTC’s first action against a developer of a “stalking app,” Retina-X, alleging that the company’s practices enabled use of its apps for stalking and other illegitimate purposes. The FTC’s enforcement activities spanned several other alleged abuses concerning spam, deception as to use of personal emails, purchase and collection of counterfeit and phantom debts, bogus credit repair services and student loan debt relief schemes, and deceptive lead generators.
With respect to the 2019 Data Security and Identity Theft Cases, the Update highlights the settlement with Equifax, with totals between $575-700M, as well as several enforcement actions alleging failure to store sensitive personal information, including Social Security numbers, in an encrypted format as well as failure to use reasonable, low-cost, and readily available security protections to safeguard personal information of clients.
The Update also highlights two actions involving violations of the Gramm-Leach-Bliley Safeguards rule; thirteen actions involving false claims of participation in Privacy Shield; four actions involving violations of the Children’s Online Privacy Protection Act, including a $170 million judgment against Google and its subsidiary YouTube, the largest civil penalty amount under COPPA; and eight actions enforcing the Do Not Call provisions against telemarketers.
As reflected in the Update, 2019 was a banner-year for the FTC, with its record-setting $5 billion penalty against Facebook and the $170 COPPA fine against Google and YouTube. Will 2020 top it?